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AMENDMENTS TO THE CLAIMS 

1-54. (Canceled) 

55. (Currently amended) A computer-implemented method for privacy management, 
comprising: 

providing a linked collection of Web pages, comprising at least first and second 
Web pages, on a Web site maintained by an enterprise, so as to enable a user to 
exchange information with the enterprise via the Web pages; 

assigning , by the enterprise, respective, non-uniform privacy policies to at least 
some of the Web pages regarding use of the information that is exchanged through the 
Web pages, the privacy policies comprising at least a first privacy policy assigned to the 
first Web page and a second, different privacy policy assigned to the second Web page; 

providing to the user accessing the first and second Web pages the respective 
privacy policies for the first and second Web page; and 

exchanging the information with the user via the Web site subject to the non- 
uniform privacy policies, such that at least a first portion of the information is 
exchanged via the first Web page subject to the first privacy policy, and at least a 
second portion of the information is exchanged via the second Web page subject to the 
second privacy policy. 

56. (Previously presented) A method according to claim 55, wherein exchanging the 
information with the user comprises receiving private information submitted to the 
enterprise by the user. 

57. (Previously presented) A method according to claim 56, wherein receiving the 
private information comprises receiving the user's agreement to at least one of the 
privacy policies, and recording the private information together with an indication of 
the at least one of the privacy policies agreed upon. 

58. (Previously presented) A method according to claim 57, and comprising: 
intercepting a request from an application to use the private information 

received from the user; 

querying the application to determine its compliance with the at least one of the 
privacy policies subject to which the requested information was received; and 

providing the requested information subject to the compliance of the application 
with the at least one of the privacy policies. 
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59. (Previously presented) A method according to claim 55, wherein providing the 
linked collection of Web pages comprises arranging the Web pages in a hierarchy of 
nodes that comprises a root node, such that each of the nodes except for the root node 
has a parent node in the hierarchy, and 

wherein assigning the privacy policies comprises assigning to each of at least 
some of the nodes, including the nodes associated with the first and second Web pages, 
one or more respective privacy rules regarding use of the information that is associated 
with the nodes, and setting for each of the nodes a node privacy policy that comprises 
the privacy rules assigned to the node combined, for each of the nodes except the root 
node, with the node privacy policy of its parent node. 

60. (Previously presented) A method according to claim 55, wherein providing the 
respective privacy policies comprises informing the user who has exchanged the 
information associated with the first Web page subject to the first privacy policy of a 
difference in the second privacy policy relative to the first privacy policy before 
exchanging the information associated with the second Web page. 

61. (Previously presented) A method according to claim 55, wherein assigning the 
non-uniform privacy policies comprises assigning an initial privacy policy to the first 
Web page, and subsequently making a change in the initial privacy policy so as to 
assign a modified privacy policy to the first Web page, and wherein providing the 
privacy policies to the user comprises informing the user who has exchanged 
information with the first Web page subject to the initial privacy policy of the change. 

62. (Previously presented) A method according to claim 61, wherein informing the 
user comprises prompting the user to provide an input to indicate whether the user 
accepts or rejects the change. 

63. (Previously presented) A method according to claim 55, wherein assigning the 
privacy policies comprises storing the privacy policies in a computer server belonging 
to the enterprise, and wherein providing the privacy policies to the user comprises 
intercepting a request by the user to access the first Web page and providing the first 
privacy policy to the user responsive to the request. 

64. (Previously presented) A method according to claim 55, wherein providing the 
privacy policies comprises conveying the policies in a standard form for presentation by 
a Web browser. 
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65. (Previously presented) A method according to claim 64, wherein the standard 
form comprises a form specified by the Platform for Privacy Preferences Project (P3P). 

66. (Previously presented) A method according to claim 55, wherein assigning the 
non-uniform privacy policies comprises determining a rating for each of the policies 
based on a predetermined rating scale. 

67. (Previously presented) A method according to claim 55, wherein assigning the 
non-uniform privacy policies comprises defining first and second user classes and 
defining, for a given one of the Web pages, different first and second class privacy 
policies, respectively, for the first and second user classes, and wherein providing the 
privacy policies to the user comprises determining whether the user belongs to the first 
or second class, and providing the first or the second class privacy policy accordingly. 

68. (Previously presented) A computer- implemented method for privacy 
management, comprising: 

arranging a body of information in a hierarchy of nodes that comprises a root 
node, such that each of the nodes except for the root node has one or more ancestor 
nodes in the hierarchy; 

assigning to each of at least some of the nodes one or more respective privacy 
rules regarding use of the information that is associated with the node; 

receiving a request from a user to access a given node; 

computing a node privacy policy for the given node by combining the privacy 
rules assigned to the given node with node privacy policies of the ancestor nodes of the 
given node in the hierarchy; 

providing the computed node privacy policy to the user; and 
exchanging with the user at least a portion of the information that is associated 
with the given node subject to the provided privacy policy. 

69. (Previously presented) A method according to claim 68, wherein exchanging the 
information with the user comprises receiving private information submitted by the 
user. 

70. (Previously presented) A method according to claim 68, wherein arranging the 
body of information comprises associating the nodes with respective Web pages 
accessible through a Web site. 
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71. (Currently amended) A method according to claim 68, wherein assigning the 
respective privacy rules comprises representing the privacy rules assigned to each of the 
at least some of the nodes as respective policy sections, which are written in an 
ext e nded extensible markup language (XML) and comprise an attribute identifying a 
parent node in the hierarchy. 

72. (Previously presented) A computer-implemented method for privacy 
management, comprising: 

providing a linked collection of interactive resources through which a user is 
able to exchange information with an enterprise that provides the resources, at least 
some of the resources having privacy policies associated therewith regarding use of the 
information that is exchanged through the resources; 

receiving information from users who access the resources subject to the privacy 
policies; 

intercepting a request from an application to use the information received from 
the users; 

upon receiving the request from the application, querying the application to 
determine compliance of the application with the privacy policies subject to which the 
requested information was received; and 

providing the requested information to the application subject to the compliance 
of the application with the privacy policies. 

73. (Previously presented) A method according to claim 72, wherein the collection 
of interactive resources comprises a collection of Web pages accessible through a Web 
site of the enterprise. 

74. (Previously presented) A method according to claim 72, wherein providing the 
linked collection of resources comprises associating non-uniform privacy policies with 
the resources, and wherein receiving the information comprises receiving and storing 
different items of the information subject to different privacy rules from among the non- 
uniform privacy policies. 

75. (Previously presented) A method according to claim 74, wherein providing the 
requested information comprises checking the compliance of the application with the 
privacy rules respectively applicable to each of the items of the information requested 
by the application. 
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76. (Previously presented) A method according to claim 74, wherein providing the 
requested information comprises determining that the application does not comply with 
the rules respectively applicable to a given item of the information, and refusing to 
provide the requested information with respect to the given item, while providing other 
information with respect to which the application does comply with the respectively 
applicable rules. 

77. (Previously presented) A method according to claim 72, wherein receiving the 
information comprises receiving the information from first and second users subject to 
respective first and second privacy policies, and wherein providing the requested 
information comprises checking the compliance of the application with both the first and 
the second privacy policies. 

78. (Previously presented) A method according to claim 72, and comprising making 
a record of the request and of the information provided responsive thereto in a log for 
review in a subsequent privacy audit. 

79. (Currently amended) Apparatus for privacy management, comprising a 
computer enterprise server arranged to provide a linked collection of Web pages, 
comprising at least first and second Web pages, on a Web site maintained by an 
enterprise, so as to enable a user to exchange information with the enterprise via the 
Web pages, and to permit the enterprise to assign respective, non-uniform privacy 
policies to at least some of the Web pages regarding use of the information that is 
exchanged through the Web pages, the privacy policies comprising at least a first 
privacy policy assigned to the first Web page and a second, different privacy policy 
assigned to the second Web page, and further arranged to provide to the user accessing 
the first and second Web pages the respective privacy policies for the first and second 
Web page, and to exchange the information with the user via the Web site subject to the 
non-uniform privacy policies, such that at least a first portion of the information is 
exchanged via the first Web page subject to the first privacy policy, and at least a 
second portion of the information is exchanged via the second Web page subject to the 
second privacy policy. 

80. (Previously presented) Apparatus according to claim 79, wherein the 
information exchanged with the user comprises private information submitted to the 
enterprise by the user. 
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81. (Previously presented) Apparatus according to claim 80, wherein the server is 
arranged to receive the user's agreement to at least one of the privacy policies, and to 
record the private information together with an indication of the at least one of the 
privacy policies agreed upon. 

82. (Previously presented) Apparatus according to claim 81, wherein the server is 
further arranged to intercept a request from an application to use the private information 
received from the user, to query the application to determine its compliance with the at 
least one of the privacy policies subject to which the requested information was 
received, and to provide the requested information subject to the compliance of the 
application with the at least one of the privacy policies. 

83. (Previously presented) Apparatus according to claim 79, wherein the Web pages 
are arranged in a hierarchy of nodes that comprises a root node, such that each of the 
nodes except for the root node has a parent node in the hierarchy, and wherein the 
server is arranged to associate with each of at least some of the nodes, including the 
nodes associated with the first and second Web pages, one or more respective privacy 
rules regarding use of the information that is associated with the nodes, and to set for 
each of the nodes a node privacy policy that comprises the privacy rules assigned to the 
node combined, for each of the nodes except the root node, with the node privacy 
policy of its parent node. 

84. (Previously presented) Apparatus according to claim 79, wherein the server is 
arranged to inform the user who has exchanged the information associated with the first 
Be page to the first privacy policy of a difference in the second privacy policy relative 
to the first privacy policy before exchanging the information associated with the second 
Web page. 

85. (Previously presented) Apparatus according to claim 79, wherein the server is 
arranged to assign an initial privacy policy to the first Web page, and subsequently to 
receive an indication of a change in the initial privacy policy so as to assign a modified 
privacy policy to the first Web page, and to inform a user who has exchanged 
information with the first Web page subject to the initial privacy policy of the change. 

86. (Previously presented) Apparatus according to claim 85, wherein the server is 
arranged to generate a prompt to the user to provide an input to indicate whether the 
user accepts or rejects the change. 
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87. (Previously presented) Apparatus according to claim 79, wherein the server is 
adapted to convey the policy to a client computer in a standard form for presentation by 
a Web browser. 

88. (Previously presented) Apparatus according to claim 87, wherein the standard 
form comprises a form specified by the Platform for Privacy Preferences Project (P3P). 

89. (Previously presented) Apparatus according to claim 79, wherein the server is 
arranged to determine a rating for each of the policies based on a predetermined rating 
scale. 

90. (Previously presented) Apparatus according to claim 79, wherein the server is 
arranged to receive a definition of first and second user classes and, for a given one of 
the resources, different first and second class privacy policies, respectively, for the first 
and second user classes, and to determine whether the user belongs to the first or 
second class and to provide the first or the second class privacy policy to the user 
accordingly. 

91. (Previously presented) Apparatus for privacy management, comprising a 
computer server arranged to receive and store a body of information in a hierarchy of 
nodes that comprises a root node, such that each of the nodes except for the root node 
has one or more ancestor nodes in the hierarchy, together with an assignment to each of 
at least some of the nodes of one or more respective privacy rules regarding use of the 
information that is associated with the node, 

wherein the server is arranged, in response a request from a user to access a 
given node, to compute a node privacy policy for the given node by combining the 
privacy rules assigned to the given node with node privacy policies of the ancestor 
nodes of the given node in the hierarchy, to provide the computed node privacy policy 
to the user, and to exchange with the user at least a portion of the information that is 
associated with the given node subject to the provided privacy policy. 

92. (Previously presented) Apparatus according to claim 91, wherein the 
information exchanged with the user comprises private information submitted to the 
server by the user. 

93. (Previously presented) Apparatus according to claim 91, wherein the body of 
information comprises a collection of Web pages accessible through a Web site, and 
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wherein the server is arranged to associate the nodes with respective ones of the Web 
pages. 

94. (Currently amended) A method Apparatus according to claim 91, wherein the 
server is arranged to represent the privacy rules assigned to each of the at least some of 
the nodes as respective policy sections, which are written in an e xt e nded extensible 
markup language (XML) and comprise an attribute identifying a parent node in the 
hierarchy. 

95. (Previously presented) Apparatus for privacy management, comprising a 
computer enterprise server arranged to provide a linked collection of interactive 
resources through which a user is able to exchange information with an enterprise that 
provides the resources, at least some of the resources having privacy policies associated 
therewith regarding use of the information that is exchanged through the resources, and 
to receive information from users who access the resources subject to the privacy 
policies, 

wherein the server is arranged to intercept a request from an application to use 
the information received from the users, and upon receiving the request, to query the 
application to determine compliance of the application with the privacy policies subject 
to which the requested information was received, and to provide the requested 
information to the application subject to the compliance of the application with the 
privacy policies. 

96. (Previously presented) Apparatus according to claim 95, wherein the collection 
of interactive resources comprises a collection of Web pages accessible through a Web 
site of the enterprise. 

97. (Previously presented) Apparatus according to claim 95, wherein the server is 
arranged to associate non-uniform privacy policies with the resources, and to receive 
and store different items of the information subject to different privacy rules from 
among the non-uniform privacy policies. 

98. (Previously presented) Apparatus according to claim 97, wherein the server is 
arranged to check the compliance of the application with the privacy rules respectively 
applicable to each of the items of the information requested by the application. 

99. (Previously presented) Apparatus according to claim 97, wherein when the 
server is arranged, upon determining that the application does not comply with the rules 
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respectively applicable to a given item, to refuse to provide the requested information 
with respect to the given item, while providing other information with respect to which 
the application does comply with the respectively applicable rules. 

100. (Previously presented) Apparatus according to claim 95, wherein the server is 
arranged to receive the information from first and second ones of the users subject to 
respective first and second privacy policies, and to check the compliance of the 
application with both the first and the second privacy policies. 

101. (Previously presented) Apparatus according to claim 95, wherein the server is 
adapted to make a record of the request and of the information provided responsive 
thereto in a log for review in a subsequent privacy audit. 

102. (Currently amended) A computer software product for privacy management, 
comprising a computer-readable medium in which program instructions are stored, 
which instructions, when read by a computer, cause the computer to provide a linked 
collection of Web pages, comprising at least first and second Web pages, on a Web site 
maintained by an enterprise, so as to enable a user to exchange information with the 
enterprise via the Web pages, and to permit the enterprise to assign respective, non- 
uniform privacy policies to at least some of the Web pages regarding use of the 
information that is exchanged through the Web pages, the privacy policies comprising 
at least a first privacy policy assigned to the first Web page and a second, different 
privacy policy assigned to the second Web page, 

wherein the instructions further cause the computer to provide to the user 
accessing the first and second Web pages the respective privacy policies for the first and 
second Web page, and to exchange the information with the user via the Web site 
subject to the non-uniform privacy policies, such that at least a first portion of the 
information is exchanged via the first Web page subject to the first privacy policy, and 
at least a second portion of the information is exchanged via the second Web page 
subject to the second privacy policy. 

103. (Previously presented) A product according to claim 102, wherein the 
information exchanged with the user comprises private information submitted to the 
enterprise by the user, and wherein the instructions cause the computer to receive and 
store the private information together with an indication of the privacy policy agreed 
upon. 
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104. (Previously presented) A computer software product for privacy management, 
comprising a computer-readable medium in which program instructions are stored, 
which instructions, when read by a computer, cause the computer to arrange a body of 
information in a hierarchy of nodes that comprises a root node, such that each of the 
nodes except for the root node has one or more ancestor nodes in the hierarchy, to 
assign to each of at least some of the nodes one or more respective privacy rules 
regarding use of the information that is associated with the node, 

wherein the instructions cause the computer, in response a request from a user 
to access a given node, to compute a node privacy policy for the given node by 
combining the privacy rules assigned to the given node with node privacy policies of the 
ancestor nodes of the given node in the hierarchy, to provide the computed node 
privacy policy to the user, and to exchange with the user at least a portion of the 
information that is associated with the given node subject to the provided privacy 
policy. 

105. (Previously presented) A computer software product for privacy management, 
comprising a computer-readable medium in which program instructions are stored, 
which instructions, when read by a computer, cause the computer to provide a linked 
collection of interactive resources through which a user is able to exchange information 
with an enterprise that provides the resources, at least some of the resources having 
privacy policies associated therewith regarding use of the information that is exchanged 
through the resources, and to receive information from users who access the resources 
subject to the privacy policies, 

wherein the instructions cause the computer to intercept a request from an 
application to use the information received from the users, to query the application to 
determine its compliance with the privacy policies subject to which the requested 
information was received, and to provide the requested information subject to the 
compliance of the application with the privacy policies. 
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